Analysis Overview
SHA256
1b1eebac29f8ab1a41e5f20bbdceefb3341e93bc3d55a0f995c902b0fe877fe2
Threat Level: Known bad
The file app-release.apk was found to be: Known bad.
Malicious Activity Summary
Antidot family
Antidot payload
Loads dropped Dex/Jar
Queries information about active data network
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-26 06:45
Signatures
Antidot family
Antidot payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-26 06:45
Reported
2024-11-26 06:48
Platform
android-33-x64-arm64-20240624-en
Max time kernel
7s
Max time network
132s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
Processes
com.topjohnwu.magisk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.36:443 | udp | |
| GB | 142.250.200.36:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| US | 172.64.41.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| GB | 142.250.178.3:443 | tcp | |
| US | 172.64.41.3:443 | udp | |
| GB | 142.250.178.3:443 | udp | |
| GB | 142.250.200.36:443 | tcp | |
| GB | 216.58.204.68:443 | tcp | |
| GB | 216.58.204.68:443 | tcp | |
| GB | 142.250.200.36:443 | udp |
Files
/system_ext/framework/androidx.window.extensions.jar
| MD5 | 3056e1bdb7d4e19789d0319eff484bd0 |
| SHA1 | 6791ae47aa9466fe0bca27ad6643f846853bbee4 |
| SHA256 | 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0 |
| SHA512 | c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658 |
/system_ext/framework/androidx.window.sidecar.jar
| MD5 | 29469324e59dfcc052f24b5af4e7b2c4 |
| SHA1 | 10c1e17ac6f598037bb51baa07945663645de4eb |
| SHA256 | 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a |
| SHA512 | 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2 |
/data/misc/profiles/cur/0/com.topjohnwu.magisk/primary.prof
| MD5 | 21bfb2f028e93dd984e218d6ca0b9c96 |
| SHA1 | 85fd6405930177cf328a066a06eab8636e370c6c |
| SHA256 | 4b71e39a22ec559c4cc8f8306273c4d566453a743c0539b6b8995dc6d679756e |
| SHA512 | 8c9d932f0a49bb0128469a061c2197de9be9da746fa382cac241364cea7fc0dd459018abbc473c8b2d64859edf376dc656c9279ed00d748f57a0343a6ca78f9a |
/data/data/com.topjohnwu.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 29a24a2ac5e5021ef126794dc15553d2 |
| SHA1 | f4f7ca74aba523af77b2c4e02d9a2cf3c628c67c |
| SHA256 | 1fd13ebdf71837dc24d12627dacfa50e34880d141e24b8323b20576fdab573cf |
| SHA512 | 8c4409d19e3b43db7caefb34136df713b2614d82cdc7849484d23c42d3ce112044a3ea447fc948d3ff8b058e506dbc8929b169a2ab9a6838025b0de413748dce |
/data/data/com.topjohnwu.magisk/files/profileInstalled
| MD5 | cc0e62a36a51ca9f50b26e0899dc731c |
| SHA1 | e72a66683072056ef091660e1824d612bcbc3eab |
| SHA256 | 367949c2a6d9d9b0735c7013d1e0954d9eddba786c76ab2f4a7dcd9e455519b0 |
| SHA512 | d933fd4f6d0bf6362f781bc963a6a0b84b0f6b3999a1016f9218827356d361a849cae587930d79a45777473a13ec2342ae091a19dcbb8e0e5ed8a37b645110ee |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-26 06:45
Reported
2024-11-26 06:46
Platform
android-33-x64-arm64-20240624-en
Max time kernel
7s
Max time network
29s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.extensions.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
| N/A | /system_ext/framework/androidx.window.sidecar.jar | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.topjohnwu.magisk
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| GB | 142.250.187.238:443 | tcp | |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.187.238:443 | udp | |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
Files
/system_ext/framework/androidx.window.extensions.jar
| MD5 | 3056e1bdb7d4e19789d0319eff484bd0 |
| SHA1 | 6791ae47aa9466fe0bca27ad6643f846853bbee4 |
| SHA256 | 8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0 |
| SHA512 | c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658 |
/system_ext/framework/androidx.window.sidecar.jar
| MD5 | 29469324e59dfcc052f24b5af4e7b2c4 |
| SHA1 | 10c1e17ac6f598037bb51baa07945663645de4eb |
| SHA256 | 9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a |
| SHA512 | 5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2 |